>
> There might be a couple of alternate solutions coming to mind:
> 1. move all internet Routes to the CE1 table and use static routes to point
> back at the VRF with next-table from inet.0 which will not really scale
> beyond a single l3vpn.
> 2. use a separate VRF for the internet routes and use auto-export,
> rib-groups, vrf-import/export policy to move routes around. This would need a
> rework of our network and is not really feasible right now.
If point 2. is not feasible then you can do below
Since you have already put a static route from VRF pointing to inet.0 for the
traffic going to internet now you need to work for reverse traffic from
internet to CE1 or CE2 .
As you have mentioned that they use Public IP in that case you can put all VPN
routes (from CE1 and CE2 ) or aggregate routes into inet.0 using rib-goups to
attract reverse traffic from internet .
Bikram
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
